Mountroot issues after 2.2 upgrade

Ok, so as I wrote in that other post it could be a device naming issue which is covered in the upgrade guide. If you type ? at that prompt and you see some devices specifically ada6 then you just need to reset the mount point.

Don't know about Bandwidthd. I know it works under 2.2. Did that prevent the box booting?

Can somebody change this title ? promotes negative vibes … everybody knows that if you install a product that was released YESTERDAY even if it is in "RELEASE" status issues can occur because an internal "test" cannot beat hundreds of users installing and breaking things :)

How about renaming title to "mountroot issues after 2.2 upgrade"

But just for the record ... what were the model / hardware configuration of your other systems that bricked ? were they installed on SD cards, CF cards, SSD ?? ... what storage ? I have seen mountroot issues unless you added a "delay" in the booting process, especially for usb connected media.

I upgraded two systems today, both via the autoupgrade. One is a little nanoBSD box at home and the other is the main firewall at work - running on a Dell. Both upgrades were flawless with no problems - both boxes support a pair of WAN interfaces with LAN, Wi-Fi, SIP, and a VPN and custom rules.

I read through the upgrade notes before performing the upgrades - and uninstalled all packages prior to running the autoupgrade and made backups of the configurations. Uninstalling the packages is something that I have not done in the past and it definitely made the whole process much quicker than past upgrades.

I upgraded two systems today, both via the autoupgrade. One is a little nanoBSD box at home and the other is the main firewall at work - running on a Dell. Both upgrades were flawless with no problems - both boxes support a pair of WAN interfaces with LAN, Wi-Fi, SIP, and a VPN and custom rules.

I read through the upgrade notes before performing the upgrades - and uninstalled all packages prior to running the autoupgrade and made backups of the configurations. Uninstalling the packages is something that I have not done in the past and it definitely made the whole process much quicker than past upgrades.

so uninstall the package first and then use autoupgrade and import the package backup config after?

and in the advanced settings TAB I enabled Prefetch Support, Prefetch DNS Key Support (these should make DNS abit zippier) (also optional)

I considering enabling Harden Glue and Harden DNSSEC data but I'm no sure. Maybe someone else will chime in. The POSSIBLE issue I see is that once I turn those on any site on the web that hasn't configured DNS 100% perfectly might just disappear and become unavailable to me even though they aren't spoofing or being spoofed? Not sure how this will impact my network if I turn them on basically.

Also, I went to system > general setup and deleted all my DNS server IPs from that list. (seems optional)

Then I un-checked "Allow DNS server list to be overridden by DHCP/PPP on WAN" (seems optional)

and I checked "Do not use the DNS Forwarder as a DNS server for the firewall" (seems required)

And clicked save - always click save when you change things.

These changes should take you off the ISP DNS, any public DNS servers and put you on the Internets main root DNS servers with DNSSEC.

At this point, the only issue (not really an issue) is that large well organized very good ISPs may cache alot of content and may also direct you to the very nearest content servers if you are using their DNS, which you will not be. I'm not too sure how big a performance hit you may take, if any. Maybe someone else can chime in on that subject?

I haven't noticed anything bad myself. I have noticed less issues on the physical LAN with windows machines. They seem to be resolving much faster and more reliably now.

Here in my location, I'm VPNing in and using pfsense DNS over the tunnel and its resolving both IPv4 and IPV6 just fine.

Waited for the wife to go out shopping and completed the task as per kejianshi instructions. I have noticed a snappier response and I am quite happy with the performance.The only step I didn't follow was to delete the DNS servers from the general setup.

One other bonus that I wasn't expecting is that I no longer have DNS leaks connecting as a VPN client ;D

Very unusual, most people would expect that if you delete a package, the related config would be deleted too. Everywhere in the world it works like this, otherwise how can somebody start with a package from scratch?

how did you backup the package? or just import the anything after autoupgraded?

Before you start the upgrade you just delete any packages that you have installed from the main Package menu - pfSense seems to remember the package settings that you used and after the upgrade you just re-install the packages again. You'll want to visit the configuration menu for each package after the upgrade just to check but I've always found that all of the settings are preserved.

It's smart to always make a backup of the configuration locally - you can always dig through the XML if there are problems and figure out what most of the package settings were if something does go wrong.

Very unusual, most people would expect that if you delete a package, the related config would be deleted too. Everywhere in the world it works like this, otherwise how can somebody start with a package from scratch?

Nevertheless, I admit that this is useful now.

Yes, "it depends". Sometimes it is really handy that you can uninstall a package, then install again, and the settings are preserved. Other times it is some crap combination of settings that is the problem and actually you want to remove all settings also and start from scratch.
It would be handy to have an option on both deinstall and install to select "get rid of any settings for this package".

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.